FEI 2.1.14 is here with a few key features that we hope will bring great value to large-scale email investigations.
We have extended FEI’s project-level aggregate data views to include domains and IP addresses. These views provide a high-level look into your project and help home in on suspect emails quickly. Here are a few things you can do:
Similar to FEI’s Evidence Grid, the project-level domain and IP views allow sorting and filtering. You can even create fairly advanced filter expressions with grouping and Boolean logic.
You can right-click on an item to quickly navigate to its parents or invoke the corresponding intelligence view such as Domain Intel or IP Intel.
You can also quickly export the data in these views via the select > copy > paste sequence. If you paste into spreadsheet software such as Excel, you can get a nice tabular view of the data.
In addition to being able to search email headers using the headers keyword, FEI’s Index Search now contains two additional Index Search fields: xmailer. These fields search the X-Originating-IP and X-Mailer MIME headers.
For instance, you can find emails with a value in their X-Mailer headers with the search xmailer:*, or emails whose X-Originating-IP headers contain an IP address starting with 205 with the query
Quick reminder that we have also added S/MIME and OpenPGP decryption and signature verification capabilities to FEI recently in v2.1.13.
We hope that the new features will help you cut to the chase faster during phishing, malware, and BEC investigations.
You can review the changelog below for a list of the remaining improvements. The new version is available for download here when you are ready.